【資安漏洞預警】以Chromium為基礎之瀏覽器存在5個高風險安全漏洞，請儘速確認並進行修補

【行政公告】

公告單位	圖資處數位服務組
訊息類別	行政公告行政公告	公告對象	全體
公告主題	【資安漏洞預警】以Chromium為基礎之瀏覽器存在5個高風險安全漏洞，請儘速確認並進行修補 [Security Vulnerability Alert] Five high-risk security vulnerabilities exist in Chromium-based browsers. Please identify and patch them as soon as possible.
公告內容	轉發國家資安資訊分享與分析中心資安訊息警訊 NISAC-200-202512-00000131 [內容說明] 研究人員發現Google Chrome、Microsoft Edge、Vivaldi及Brave 等以Chromium為基礎之瀏覽器存在5個高風險安全漏洞，類型包含類型混淆(Type Confusion)漏洞(CVE-2025-13630)、權限提升(Privilege Escalation)漏洞(CVE-2025-13631)、使用釋放後記憶體(Use After Free)漏洞(CVE-2025-13633與CVE-2025-13638)及不正確之類型轉換(Incorrect Type Conversion or Cast)漏洞(CVE-2025-13720)，最嚴重可使未經身分鑑別之遠端攻擊者於使用者端執行任意程式碼，請儘速確認並進行修補。 [影響平台] Google Chrome(Linux與Windows) 143.0.7499.40(不含)以下版本 Google Chrome(Mac) 143.0.7499.41(不含)以下版本 Microsoft Edge 143.0.3650.66(不含)以下版本 Vivaldi 7.7.3851.58(不含)以下版本 Brave 1.85.111(不含)以下版本 [建議措施] 一、請更新Google Chrome瀏覽器至143.0.7499.40/41(含)以上版本 https://support.google.com/chrome/answer/95414?hl=zh-Hant 二、請更新Microsoft Edge瀏覽器至143.0.3650.66(含)以上版本 https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 三、請更新Vivaldi瀏覽器至7.7.3851.58(含)以上版本 https://help.vivaldi.com/desktop/install-update/update-vivaldi/ 四、請更新Brave瀏覽器至1.85.111(含)以上版本 https://community.brave.com/t/how-to-update-brave/384780 [參考資料] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-13630 2. https://nvd.nist.gov/vuln/detail/CVE-2025-13631 3. https://nvd.nist.gov/vuln/detail/CVE-2025-13633 4. https://nvd.nist.gov/vuln/detail/CVE-2025-13638 5. https://nvd.nist.gov/vuln/detail/CVE-2025-13720 Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202512-00000131 [Content Description] Researchers have discovered five high-risk security vulnerabilities in Chromium-based browsers such as Google Chrome, Microsoft Edge, Vivaldi, and Brave. These vulnerabilities include Type Confusion (CVE-2025-13630), Privilege Escalation (CVE-2025-13631), Use After Free (CVE-2025-13633 and CVE-2025-13638), and Incorrect Type Conversion or Cast (CVE-2025-13720). The most severe vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the user's device. Please confirm and patch these vulnerabilities as soon as possible. [Affected Platforms] Google Chrome (Linux and Windows): Versions below 143.0.7499.40 Google Chrome (Mac): Versions below 143.0.7499.41 Microsoft Edge: Versions below 143.0.3650.66 Vivaldi: Versions below 7.7.3851.58 Brave: Versions below 1.85.111 [Recommended Measures] I. Please update your Google Chrome browser to version 143.0.7499.40/41 or higher. https://support.google.com/chrome/answer/95414?hl=zh-Hant II. Please update your Microsoft Edge browser to version 143.0.3650.66 or higher. https://support.microsoft.com/zh-tw/topic/microsoft-edge-%E6%9B%B4%E6%96%B0%E8%A8%AD%E5%AE%9A-af8aaca2-1b69-4870-94fe-18822dbb7ef1 III. Please update Vivaldi browser to version 7.7.3851.58 or later. https://help.vivaldi.com/desktop/install-update/update-vivaldi/ IV. Please update Brave browser to version 1.85.111 or later. https://community.brave.com/t/how-to-update-brave/384780 [References] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-13630 2. https://nvd.nist.gov/vuln/detail/CVE-2025-13631 2. https://nvd.nist.gov/vuln/detail/CVE-2025-13633 3. https://nvd.nist.gov/vuln/detail/CVE-2025-13638 4. https://nvd.nist.gov/vuln/detail/CVE-2025-13720
相關訊息
公告時間	2025/12/23 至 2026/6/23	點閱次數	13